SmartBlog 2.0.1 Blind SQL Injection

Exploit Title: SmartBlog 2.0.1 - 'idpost' Blind SQL injection Date: 2020-11-05 Exploit Author: C0wnuts Vendor Homepage: https://github.com/smartdatasoft/smartblog Version: 2.0.1 Tested on: Linux Description : A blind SQL injection is present in the "idpost" parameter of the "details" controller. ...

SmartBlog 2.0.1 - 'id_post' Blind SQL injection

Exploit Title: SmartBlog 2.0.1 - 'idpost' Blind SQL injection Date: 2020-11-05 Exploit Author: C0wnuts Vendor Homepage: https://github.com/smartdatasoft/smartblog Version: 2.0.1 Tested on: Linux Description : A blind SQL injection is present in the "idpost" parameter of the "details" controller. ...

SmartBlog 1.3 SQL Injection and Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/39756/info SmartBlog is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these vulnerabilities could allow an attack...

SmartBlog 1.3 - SQL Injection Cross-Site Scripting

SmartBlog 1.3 - SQL Injection Cross-Site Scripting source: https://www.securityfocus.com/bid/39756/info SmartBlog is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these vulnerabilities coul...

SmartBlog 1.3 - SQL Injection / Cross-Site Scripting

source: https://www.securityfocus.com/bid/39756/info SmartBlog is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these vulnerabilities could allow an attacker to steal cookie-based...

Sql injection

SQL injection vulnerability in index.php in SMartBlog aka SMBlog 1.3 allows remote attackers to execute arbitrary SQL commands via the idt parameter...

Sql injection

Multiple SQL injection vulnerabilities in SMartBlog aka SMBlog 1.3 allow remote attackers to execute arbitrary SQL commands via the 1 mois, 2 an, 3 jour, and 4 id parameters to index.php, and the 5 login parameter to gestion/logon.php, different vectors than CVE-2008-2183. NOTE: the provenance of...

Directory traversal

Directory traversal vulnerability in index.php in SMartBlog aka SMBlog 1.3 allows remote attackers to include arbitrary local files via directory traversal sequences in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2008-2184

Multiple SQL injection vulnerabilities in SMartBlog aka SMBlog 1.3 allow remote attackers to execute arbitrary SQL commands via the 1 mois, 2 an, 3 jour, and 4 id parameters to index.php, and the 5 login parameter to gestion/logon.php, different vectors than CVE-2008-2183. NOTE: the provenance of...

CVE-2008-2183

SQL injection vulnerability in index.php in SMartBlog aka SMBlog 1.3 allows remote attackers to execute arbitrary SQL commands via the idt parameter...

CVE-2008-2185

Directory traversal vulnerability in index.php in SMartBlog aka SMBlog 1.3 allows remote attackers to include arbitrary local files via directory traversal sequences in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2008-2184

Multiple SQL injection vulnerabilities in SMartBlog aka SMBlog 1.3 allow remote attackers to execute arbitrary SQL commands via the 1 mois, 2 an, 3 jour, and 4 id parameters to index.php, and the 5 login parameter to gestion/logon.php, different vectors than CVE-2008-2183. NOTE: the provenance of...

CVE-2008-2183

SQL injection vulnerability in index.php in SMartBlog aka SMBlog 1.3 allows remote attackers to execute arbitrary SQL commands via the idt parameter...

CVE-2008-2184

CVE-2008-2184 refers to multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3. The affected component is the application’s PHP code, with the issues exploitable through the following parameters: (1) mois, (2) an, (3) jour, and (4) id in index.php, and (5) login in gestion/logon.php...

CVE-2008-2185

The CVE-2008-2185 entry describes a directory traversal vulnerability in SMartBlog (aka SMBlog) 1.3. The vulnerability is in index.php and allows remote attackers to include arbitrary local files through directory traversal sequences supplied in the page parameter. This leads to potential exposur...

CVE-2008-2183

CVE-2008-2183 is a reported SQL injection in SMartBlog 1.3, affecting the script index.php via the idt parameter. The underlying issue allows remote attackers to execute arbitrary SQL commands (partial data access/impact described as standard injection). The connected records provide concrete vec...

CVE-2008-2185

Directory traversal vulnerability in index.php in SMartBlog aka SMBlog 1.3 allows remote attackers to include arbitrary local files via directory traversal sequences in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

smartblog-sql.txt

Smartblog remote SQL injection exploit Script download : http://ftp1.toocharger.com/scfQ9NS/smartblog3868.zip Founder: His0k4 ALGERIAN HACKER Greetz : All friends & muslims HaCkErS... Contact: His0k4.hlmatgmail.com Dork : Actionnée par smartblog P.O.C : ---------------------...

Smartblog (index.php tid) Remote SQL Injection Vulnerability

No description provided by source. Smartblog remote SQL injection exploit Script download : http://ftp1.toocharger.com/scfQ9NS/smartblog3868.zip Founder: His0k4 ALGERIAN HACKER Greetz : All friends & muslims HaCkErS... Contact: His0k4.hlmatgmail.com Dork : Actionn脙漏e par smartblog P.O.C :...

SmartBlog 1.3 - index.php SQL Injection

SmartBlog 1.3 - index.php SQL Injection Smartblog remote SQL injection exploit Script download : http://ftp1.toocharger.com/scfQ9NS/smartblog3868.zip Founder: His0k4 ALGERIAN HACKER Greetz : All friends & muslims HaCkErS... Contact: His0k4.hlmatgmail.com Dork : Actionnée par smartblog P.O.C :...